Using Game Theory to analyze Risk
to Privacy
Lisa Rajbhandari
Einar A. Snekkenes
Agenda
•
•
•
•
•
•
•
Introduction
Background
Issues focused on this paper
Why Game Theory?
A privacy scenario
Limitations
Conclusion
2
Introduction
•
•
•
•
Right to privacy
Identity information used widely
Might be misused, stolen or lost
Increase risk to privacy – Information being used as a Commodity
– Identity theft, online frauds
– Tracking , profiling of individuals
3
Aim
• Like all other risks, privacy risks must be
managed.
• Identification and understanding of risk.
• Perform risk analysis and evaluation.
• Suitable method ?
4
Background
Game Theory
• Branch of mathematics
• John von Neumann and Oskar Morgenstern
(1944)
• John Nash – ‘Nash Equilibrium’
• Technique of studying situations of
interdependence or strategic interactions
among rational players [Watson].
• Used in many fields.
[Watson] Joel Watson. Strategy : An Introduction to Game Theory. W. W. Norton & Company, 2nd edition, 2008.
5
Probabilistic Risk Analysis (PRA)
• Risk level- estimated by studying
– the likelihood and consequences of an event
– probabilities in a qualitative \quantitative scale.
• ‘One-person game’ [Ronald]
• Challenges: [Bier]
– Subjective judgement
– Human error and performance
[Ronald] Ronald D. Fricker, J.: Game theory in an age of terrorism: How can statisticians contribute? (http://faculty.nps.edu/) Department of
Operations Research, Naval Postgraduate School.
[Bier] V.M. Bier. Challenges to the acceptance of probabilistic risk analysis. Risk Analysis, 19:703{710, 1999.
6
Comparison
Risk Analysis
PRA
Game Theory
Collect data
Ask for subjective probability or
historical data
Ask for preferences
Compute risk
Compute risk (eg. Expected value)
Compute probability and outcome
(eg. Nash Equilibrium)
Decide what to do
Decide what to do
Decide what to do
Table 1. Comparison of general Risk Analysis steps: Using PRA and Game Theory
7
Issues focused on this paper
• Suitability of game theory for privacy risk
analysis
• How are the utilities of the players calculated?
8
Why Game Theory?
• In a game theoretic setting,
– Situation in a form of a game.
– Benefits are based on outcomes.
– Incentives of the players are taken into
account.
Image taken from: http://www.sxc.hu/pic/m/s/st/stelogic/905072_poker_chips_cards_and_dice_1.jpg
9
Why Game Theory?
• Risk analysis can be based
– On outcomes which the subjects can
provide rather than subjective probability.
– Settings where no actuarial data is
available.
10
A privacy scenario
Collects & stores
private user’s
information
1.Request for purchase & provide private information
2. Provides the requested service
Provide the private
Service
Provider (SP)
3. Revisit
User
information
Third Party
4. Customized purchase recommendations
according to the privacy policy
Recommendations ‘hit’User-saves additional time
SP- additional sales
• Tempting for the SP to breach the agreed privacy
policy.
• User-incurs additional cost (time wasting
activities).
11
Assumptions
• Game of complete information.
• The players are intelligent and rational.
• They have common knowledge about the game
being played.
• They have their best interest to optimize their
utilities.
12
Privacy Scenario (Normal form)
User(U)
Service Provider (SP)
Non-Exploit (NE)
a11, b11
a12, b12
a21, b21
a22, b22
Fake data
Not Provide(NP)
Genuine data
Provide(P)
Exploit (E)
13
Survey Results
• User - Survey data
• SP - Assumed values
• Utilities - Hours saved or lost.
User provides information
For User
Genuine Fake
For SP
Genuine Fake
SP usage according to policy
1
0,2
1
-0,01
SP usage in breach of policy
-0,9
-0,01
0,5
-0,2
14
Game Solution
User provides information
For User
Genuine Fake
For SP
Genuine Fake
SP usage according to policy
1
0,2
1
-0,01
SP usage in breach of policy
-0,9
-0,01
0,5
-0,2
Service Provider (SP)
q
User(U)
Exploit(E)
p
• No pure strategy Nash Equilibrium
•Obtain mixed strategy Nash Equilibrium
1-p
Provide(P)
NotProvide(NP)
1-q
NotExploit(NE)
0.1 , 1.5
1 ,1
0.19, -0.21
0.2, -0.01
Fig: Normal form representation
15
Mixed strategy NE and Expected
outcome
16
Limitations
1. Small survey.
2. In real world situation - partial information.
17
Conclusion
• Preferences of the subjects vary highly.
• Assigning an appropriate utility.
• Risk analysis can be based on the outcomes.
• Apply the standard risk analysis techniques.
18
Thank you !
19